Fixed juiceshop ZAP Extended Integration test.

rfelber · rfelber · commit d486f5281202 · 2021-05-03T17:32:18.000+02:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -649,15 +649,15 @@ jobs:
       - name: "Install Demo Apps"
         run: |
           # Install dummy-ssh app
-          helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait
+          helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --set="fullnameOverride=dummy-ssh" --wait
           # Install unsafe-https app
-          helm -n demo-apps install unsafe-https ./demo-apps/unsafe-https/ --wait
+          helm -n demo-apps install unsafe-https ./demo-apps/unsafe-https/ --set="fullnameOverride=unsafe-https" --wait
           # Install bodgeit app
-          helm -n demo-apps install bodgeit ./demo-apps/bodgeit/ --wait
+          helm -n demo-apps install bodgeit ./demo-apps/bodgeit/ --set="fullnameOverride=bodgeit" --wait
           # Install old-wordpress app
-          helm -n demo-apps install old-wordpress ./demo-apps/old-wordpress/ --wait
+          helm -n demo-apps install old-wordpress ./demo-apps/old-wordpress/ --set="fullnameOverride=old-wordpress" --wait
           # Install juiceshop app
-          helm -n demo-apps install juiceshop ./demo-apps/juice-shop/ --wait
+          helm -n demo-apps install juiceshop ./demo-apps/juice-shop/ --set="fullnameOverride=juiceshop" --wait
           # Install plain nginx server
           kubectl create deployment --image nginx:alpine nginx --namespace demo-apps
           kubectl expose deployment nginx --port 80 --namespace demo-apps
diff --git a/scanners/zap-extended/cascading-rules/http.yaml b/scanners/zap-extended/cascading-rules/http.yaml
@@ -0,0 +1,21 @@
+apiVersion: "cascading.securecodebox.io/v1"
+kind: CascadingRule
+metadata:
+  name: "zap-extended-http"
+  labels:
+    securecodebox.io/invasive: non-invasive
+    securecodebox.io/intensive: medium
+spec:
+  matches:
+    anyOf:
+      - category: "Open Port"
+        attributes:
+          service: http
+          state: open
+      - category: "Open Port"
+        attributes:
+          service: https
+          state: open
+  scanSpec:
+    scanType: "zap-extended-scan"
+    parameters: ["-t", "{{attributes.service}}://{{$.hostOrIP}}"]
diff --git a/scanners/zap-extended/templates/cascading-rules.yaml b/scanners/zap-extended/templates/cascading-rules.yaml
@@ -0,0 +1,8 @@
+# The CascadingRules are not directly in the /templates directory as their curly bracket syntax clashes with helms templates ... :( 
+# We import them as raw files to avoid these clashes as escaping them is even more messy
+{{ range $path, $_ :=  .Files.Glob  "cascading-rules/*" }}
+# Include File
+{{ $.Files.Get $path }}
+# Separate multiple files
+---
+{{ end }}
diff --git a/scanners/zap-extended/templates/zap-extended-parse-definition.yaml b/scanners/zap-extended/templates/zap-extended-parse-definition.yaml
@@ -0,0 +1,8 @@
+apiVersion: "execution.securecodebox.io/v1"
+kind: ParseDefinition
+metadata:
+  name: "zap-extended-xml"
+spec:
+  handlesResultsType: zap-xml
+  image: "{{ .Values.parserImage.repository }}:{{ .Values.parserImage.tag | default .Chart.Version }}"
+  ttlSecondsAfterFinished: {{ .Values.parseJob.ttlSecondsAfterFinished }}
